GraphQL Schema Introspector
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly says it "connects to GraphQL endpoints using standard introspection queries and the Apollo Client devtools protocol." The skill therefore fetches and parses schemas from external GraphQL endpoints (untrusted third-party sources), and the agent reads those schemas and uses them to drive analysis and documentation generation. Those remote contents could inject instructions that influence the agent's behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The installation commands (e.g., "npx skills add agentskillexchange/skills --skill graphql-schema-introspector") fetch and execute remote package code (agentskillexchange/skills) at install/runtime. The skill lists the marketplace URL https://agentskillexchange.com/skills/graphql-schema-introspector/ as its external source, so the fetched content can execute remote code and is required for the skill.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata